Tag Archives: Nilekani

Post navigation

The aadhaar project has become the bane of average Indians, threatening their access to all manner of services. basic questions have sometimes been asked and almost never been answered, saysUsha Ramanathan, in the first of a multi-part series.
The Unique Identity (UID) project has been around for over four years. The Unique Identification Authority of India (UIDAI) was set up by an executive notification dated 28 January 2009 and came into its own after Mr Nandan Nilekani was appointed as chairperson in July 2009. Now it has, as some observers say, become an experiment being conducted on the entire country.
In its early stages, it was marketed, simply, as giving the poor and the undocumented an identity. It was to be voluntary, and an entitlement. But, it is evident even from the Strategy Overview document of the UIDAI that it was never intended to be an entitlement that people may choose to adopt or ignore. That document said that “enrolment will not be mandated”, but went on to add: “This will not, however, preclude governments or registrars from mandating enrolment”. So, the potential for compulsion was built into the architecture of the project. Starting in 2012, voluntariness began to be eroded, and threats of exclusion from services and entitlements began to be bandied about. By January 2013, a virtual panic was set off when it was announced that various services and entitlements would not be accessible to persons who did not have a UID number.
Mr Nilekani has said time and again that half the population is expected to be enrolled by the end of 2014; yet, there have been warnings that people without a UID number may find themselves unable to access benefits and subsidies if they did not have it, if a bank account had not been opened, and if the UID number were not embedded in the bank account. So, subsidy for cooking gas, kerosene, and scholarships, for instance, became dependent on having a bank account seeded with the UID, or aadhaar, number. In case anyone wonders what the UIDAI has to do with these decisions, it is the chairperson of the UIDAI, Mr Nilekani, who chaired the committees that recommended these changes. The reports are in the public domain.
From its inception, the UID project has been about creating the ‘database resident’. The website of the Department of Information Technology, which has been renamed as Department of Electronics and Information Technology, modestly carrying the acronym DeitY, has said all along that “Project UID, a Planning Commission initiative, proposes to create a central database of residents, initially of those above the age of 18 years”. Except, that the UIDAI got more ambitious and wanted everyone, from the newborn to the oldest resident, on its database. And it was always intended to converge various databases to construct a profile of the individual, and to this effect the website of DeitY says that “the project envisages provision of linking of existing databases, as well as providing for future additions, by the user agencies”. The MoUs between the UIDAI and various registrars that include the state governments, oil companies, banks and the Registrar-General of India, who is in charge of census and the National Population Register and socio-economic and caste census, not only provide for various additional fields of data being collected during enrolment, but also for having the UID number appended to each such database.
As for biometrics, documents reveal that when the decision was made to use fingerprints and iris for enrolment, there was no knowledge about whether these biometrics would work in India, given the demographic and environmental conditions. In fact, it has since been found that with age the fingerprint fades, that manual labour makes the fingerprint difficult to read, that malnourishment-induced cataract blights an estimated 8-10 million people, and so on. In fact, as recently as 23 April 2013, Mr Nilekani said in his speech at the Centre for Global Development in Washington: “We came to the conclusion that if we take sufficient data, biometric data of an individual, then that person’s biometric will be unique across a billion people. Now we have to find that out. We haven’t done it yet. So we’ll discover it as we go along.” First, the conclusion. Then they will wait to find out! That is why some observers of the project have been saying that it is an experiment being conducted on the entire population. The consequences of failure have not been discussed, although, in a talk at the World Bank in Washington on 24 April 2013, Mr Nilekani said in response to a question about what he thought was the greatest downside risk to the UID: “To answer the question about what is the biggest risk,” he said “in some sense, you run the risk of creating a single point of failure also.”
There is more to cause concern, and much to be answered about UID.
(The writer is an academic activist. She has researched the UID and its ramifications since 2009.)LEGALITY
The UID project is proceeding without the cover of law. There is only the notification of January 2009 which says the UIDAI “owns” the database, but which says nothing about how it may be used, or what will happen if it fails or if there is identity fraud, or some outside agency gains access to the database. A Bill was introduced in Parliament in December 2010, after the project had been launched and data collection had begun. The Bill collapsed in December 2011 when the Parliamentary Standing Committee found it severely defective, and after it found that the Bill and the project needed to be sent back to the drawing board. There is no sign yet of a Bill, and any protection that the law may offer is non-existent. There is no law to protect privacy either.Convergence and snooping
The UIDAI, and Mr Nilekani, have refused to address the probability of surveillance, convergence, tracking, profiling, tagging and intrusions into privacy that is likely to result from the creation of the database of residents and the intended convergence. The link between technology, databases, governmental power and corporate involvement in creating, maintaining, managing and using databases has produced various scenarios of surveillance that we ignore at our peril. PRISM is such a stark demonstration of the ambitions that can fuel a state that the UIDAI can no longer just say `no comment’ when asked about the surveillance potential being created.
In the same period, the state has already set up agencies such as the Natgrid, NCTC, NTRO, CCTNS, MAC which will use the potential for convergence of databases that the UID makes possible. In April 2011, the government made rules under the IT Act 2000, by which it would be able to access any data held by any “body corporate”. More recently, we have been hearing about the CMS, or the Central Monitoring System, speaking to a surveillance and control approach that will have the state snooping on us with no oversight, no prior permission, no answerability at any time to anyone.
The companies engaged by the UIDAI to manage the database include L1 Identity Solutions and Accenture. The UIDAI, in response to an RTI request, has claimed that they have no means of knowing that these are foreign companies, given the process of their selection! Yet, a search on the internet reveals the closeness between the L1 Identity Solutions and the CIA, and that after a recent transaction, it is part-owned by the French government; while Accenture is in a Smart Borders Project with the US Department of Homeland Security. Data security, personal security, national security and global surveillance are all drawn into a ring of concern, but remain unaddressed.

Mumbai : Nandan Nilekani is not just determined to provide Aadhaar, the 12-digit individual identification number, to citizens across India but to make the idea “irreversible” and “sustainable” before the next elections.

“Making Aadhaar irreversible is a very important strategic objective. I think the irreversibility comes when half a billion Indians have Aadhaar number,” Nilekani, chairman of the Unique Identification Authority of India (UIDAI), said at the Express Adda here Thursday evening. “If we can reach 500 million people by 2014, then I think it’s set.”

On opposition to the concept within the government, he said he “didn’t understand the internal competitive dynamics of the government”.

However, Nilekani added, Aadhaar had got “terrific momentum” and “huge support” from various departments. “I received tremendous political support. It was tripartisan support… from UPA-ruled states, BJP states and Tripura. I personally went to every state and met the chief minister and bureaucrats.”

“Fundamentally you can’t do a project of this scale which has the potential to cause so much disruptive change without unstinted political endorsement. I think all key people in the government provided that unstinted political endorsement.”

Nilekani, who was in conversation with The Indian Express Editor-in-Chief Shekhar Gupta and McKinsey & Company Chairman, India, Adil Zainulbhai, also said there was no real measurement of performance in something like UID. “My team at UIDAI is extremely passionate and the best part is that they are from the system,” he said.

Asked about the most challenging problem he had faced, the Infosys co-founder said: “Getting that design and architecture right to make a change is very, very important… When you want to make a change, there will always be a negative coalition against what you are doing. How do you create a minimally invasive method of implementing a change? Change by method is opposed. Make your change blunt… We can’t do much except move quickly and expeditiously.”

Did he ever think of giving up? “There were many occasions where I felt it was a bumpy ride… I faced great stress, but I never felt I should quit. I felt I have to see it through. If I fail, then I let down a thousand guys who wanted to do what I do. A lot of other people’s aspirations depend on my delivering,” Nilekani said.

UIDAI has already enrolled 300 million people and another 270 million have been issued numbers, he added. With it, Nilekani said, “government expenditure becomes more efficient. The entire cost of this project is less than $4 billion. Your annual expenditure on entitlements, subsidies etc is something like $60 billion. For a life-time investment of $4 billion, you get efficiency on $60 billion. Tomorrow it could be $100 billion.”

It is odd that an initiative like UIDAI, with its vast implications, should be uncontrolled by any legislation

Gautam Patel, Mumbai mirror

Posted On Friday, January 25, 2013

Important message for Savings Account holders having Aadhaar / UID number issued by UIDAI” says the message on my bank’s online banking page. I follow the link. “You can now link your Aadhaar / UID Number to your Savings Account to avail the benefits of Government subsidies/payments directly into your bank account,” I am told. How nice. Problem is I don’t “avail of Government subsidies/payments”.

So why would I need an Aadhaar card? And what are the chances that someone who is entitled to a government subsidy would be able to get online to see this message in the first place? The Unique Identification Authority of India is not a corporation, not a government body. It is just a scheme of the Planning Commission. And it has, with quite unusual zest and zeal, set about the gargantuan task of “mapping” everybody in India, providing every single person with a unique identification number. But, as we all know, this is much more than a casual mapping. It is a full-fledged biometric database with fingerprints, photographs, addresses and more.

In some State-level variants, you can link your bank accounts to this database. The general idea, a brainchild of Mr Nandan Nilekani, is to cut through India‘s Byzantine bureaucracy and deliver government subsidies and grants to those intended, side-stepping all the money-grubbing talons en route. That sounds sensible and fair and, and perhaps in an ideal world, one in which we might be able to trust each other and those we put in power, transformative. Mr Nilekani’s vision is utopian; reality? Not so much. That an initiative so vast in its implications, its spending and its ambition should be uncontrolled by any legislation is more than a little odd.

There is no statute to control how this information can be used or by whom and under what conditions. There is no legislation, and there is also no parliamentary or judicial supervision. What is the remedy to a citizen who finds his information has been misused? Who is to be held responsible, and how, and under what law? How is it even possible to start the implementation of something along these lines without some formal structure? The UID enrolment scheme, though said to be ‘voluntary’, is aimed squarely at becoming non-optional. When banks and financial institutions start insisting on Aadhaar cards, we will be left with no choice.

This is one material distinction between, say, a passport or a driving license and an Aadhaar card. You can swan through life without a passport or a driving license. Proponents of the UID/Aadhaar scheme tell us that there is no cause for worry; passport-issuing authorities and transport officials collect pretty much the same information. Indeed they do, and passports even have a unique file number from which every bit of information can be retrieved.

The difference lies in points of access; who can access this information. The stuff that’s in government files isn’t open to banks and isn’t accessible except under regulated conditions. This is why so much information needs to be replicated. Once all this information is made available in a centralized database to a whole slew of agencies and, worse, private operators (not just banks; there’s no reason your path lab or favourite fast joint shouldn’t have it too – it is, after all, “only an id”) then we’re in the world of Eye-See-You.

An even simpler question. We give the UIDAI all this information. In return for what? What is the quid pro quo? This scheme only makes sense if you’re eligible for subsidies, grain, anywhere in a public distribution system. What if you’re not? And I already have sufficient ‘identification’.

Do I need one more card? And where does it say that this one card will replace them all? The one thing that the scheme greatly enables is the government snooping on citizens. When researchers and scholars like Usha Ramanathan point to these – and a myriad other – problems with the scheme, they are not being merely alarmist or obtuse. They are raising very fundamental issues of the meaning of liberty in the context of our polity.

Whether or not this spying is actually happening is not the point; the UID system facilitates it, and in the hands of an errant government is capable of the most egregious abuse. On the rare occasions we are moved to speak of liberty, we only do so by calling it a right. It is much more. Like the air we breathe, it is essential to survival, an undefinable hard won, easily lost, and under constant threat.

The deadliest assaults are the ones that come up in stealth, disguised as progress and achievement and the pledge of universal prosperity. The brightness of these promises blinds us to what lurks darkly beneath: that dreadful gaping, fanged maw of the state, a creature with an insatiable appetite for control and dominion. Nobody doubts Mr Nilekani’s intentions, ideals or integrity; all are beyond reproach. But as Cervantes tells us, idealists are not the wisest of men. For all their inefficiency and replication and nuisance, those free-standing silos of information we now have do not demand of us the much too heavy price of such idealism.

1. The UID was promoted as a `voluntary’ `entitlement’. Now, people are being threatened that they canot access any services or institutions unless they are enrolled for a UID. This has not happened only because states have so decided, but are based largely on the reports of committees that Mr Nilekani has chaired since he became Chairman of the UIDAI.

2. This coercion has been introduced into a project where no feasibility study has been done till date. On 28 September, 2010, 17 eminent citizens had raised questions about the launch of a project of this nature without even a report on feasibility. The Parliamentary Standing Committee had raised similar concerns. There are no answers yet,and yet the coercion has become the norm.

3. The Standing Committee on Finance roundly rejected the National Identification Authority of India Bill 2010, by its report presented to Parliament on December 13, 2011. It also said that the UID project needs to be sent back to the drawing board, citing various deficiencies in its plan and execution.

The UIDAI and Dr Manmohan Singh‘s government have chosen to ignore the report. There is still no law. And the UID project, and the compulsion that has been introduced, are occurring beyond the protection of the law.

4. Proof of Concept studies were done only after the project was already underway. While doing the PoC on enrolment (uploaded in February 2011, over 4 months after enrolment had begun), the report says, they did not include areca nut workers and other plantation workers because this would only complicate the sample. How can such a study find validity. Also, the findings of the study are not substantiated; the evidence is not available, and those reading the report critically have found it to be self-serving.

The Fingerprint Authentication report (March 2012) and the Iris Authentication report (September 2012) suffer from similar problems. And unreasonable assumptions have been used to make it appear like the technology can be made to work: for instance, it is said in the report that iris never changes! A study by two professors at Notre Dame demonstrates that this is in fact untrue, and that those who have been saying it have done so because no longitudinal studies had been done thus far, since this is such recent technology!

5. The UIDAI, especially Mr Nilekani, is pushing for `re-engineering’ all systems and `seeding’ all data bases with the UID number to make it `ubiquitous’. This will make all systems dependent on the UID system functioning. Already, the inability to authenticate people is showing signs of requiring the use of `manual override’, which is a magnificent source of `lwakage’ and of exclusion of those the systemt does not authenticate. This unseemly haste to shift to untested and undependable technology is a source of grave concern.

6. The seeding of the number everywhere also raises privacy concerns. Mr Nilekani has not denied that the UID project raises serious privacy issues. But he has sidestepped the issue, saying that it is an issue wider than the UID project and needs a general law, and so he will not worry himself about it.

Whatever his assumption of responsiblity to ensure the protection of privacy — and in this case it would include concerns of profiling, tracking, tagging, convergence of data, data mining, the state and all manner of people gaining access to this data bank that is being created especially in the context of data becoming a transactable commosity — must precede consideration of any such project. Instead, there is no law governing the project and the uses to it which it may put; and there is no law on privacy either.

7. While still on privacy, it is being propagated that `the poor have no use for privacy’. This casual dismissal of such a right, especially given how vulnerable the poor, including classes of migrants, homeless, jhuggi dwellers, casualised workforce, for instance, are needs to be confronted.

8. There is much concern about the companies to whom the UIDAI has given contracts. There are companies like L1 Identity Solutions whose favoured customer has been the CIA, where a former director of the CIA, George Tenet, was even on their Board. Accenture, another company shortlisted for the project, is on Smart Borders Project with the US Homeland Security. US law requires all agencies to provide any information demanded of them to the Homeland Security if asked.

When the UIDAI was sent an RTI asking why they had enlisted foreign companies such as these in the project, the answer was that they had no way of knowing whether they were foreign companies — because the way invited participation did not elicit this information!

The absence of a law means that there is nothing binding them to a legal structure within which we could hold them.

The contracts with these companies are being denied for public persual in the name of `confidentiality’

9. The rampant outsourcing in the project means that all manner of people handle our data, including biometric data, and there is little that we can do when it is traded, misused, shared, lost ….

In January 2011, the Home Minsitry had said that they could not use UIDAI data because it was insecure, unverified and coudl pose a security threat. Then they patched up their differences and decided to share the country 50:50! As citizens, though, the rapprochement does not answer the problems raised by the Home Ministry.

The government announced that from January 2013, 51 districts of the country would be subjected to Aadhaar- based direct cash transfers (DCT). We need some basic answers before we get to term the initiative as a game-changer.

Nilekani’s idea in differing conditions, with focus on testing the system under stress conditions.

Quick-fix solutions?: The latest fix is through the new improved micro ATM architecture where BCs sort out the last mile. Technology provides a fix on authentication and transaction recording. This assumes that the physical connectivity between the branch and the customer through the intervention of a human being fixes the issue.But the cash has to be delivered physically. With 1,50,000 post offices, and postmen visiting all the habitations regularly, with an instrument of money order, we have not been able to sort out the problem of transferring the cash from the coffers to the beneficiaries.

The finance ministry has not convincingly established the business case for a BC. Do we have an idea how a BC would do it better? The answer would be in commissions and incentives. Agreed.

But where is the business case to the banking institutions if these costs are loaded? Does it work at scale?

Too much is loaded on to a single intervention, involving commercial institutions, without a strong business case.

The approach of the government is worrisome. It may be a part of the measures in the run up to the 2014 election is the simplicity with which the solutions are offered. That the entire country can take a single solution; that the solution can be offered through the banking system; that the only impending problem was establishing identity; and that Aadhaar will sort out issues much more than identity and fix leakages and petty corruption.

The commercial sector would have looked at this through the lens of segmentation, test marketing and local strategies. The government believes in standardisation and scale.

Even if Aadhaar number is subjected to multiple pilots in several locations, it is difficult to imagine how these pilots have informed this aggressive rollout of cash. This space is getting to be interesting and we need to watch for more action.

Dec 8, 2012–A big hue and cry has been been rasied among activists after the walkout from the Sixth Justice VM Tarkunde Memorial Lecture because Shri Nandan Manohar Nilekani was chosen to deliver it on November 23, 2012.

When the lecture was announced many of us were stunned at the fact that how could PUCL be associated with an event wherein Nandan Nilekani has been given a platform to speak. All human righst activists involved in say no to uid campaign, wrote individually to PUCL to cancel the event and PUCL came up with the following a public statement which said

We had issued a statement where we made explicit that our opposition to UDIAI has not changed nor our continuing to oppose the UID project. We had also spoken to and followed by writing to the organisers informing our stand on UIDAI, that selection of a person like Mr. Nilekani is contradictory to the very ideals that Justice Tarkunde’s work and persona reflected, and therefore the demand for calling off the lecture as also that we did not want to be associated with the event. The organisers had also accepted our request and agreed not to associate PUCL with the event .

As event was not cancelled, but PUCL had disassociated , the civil liberteis activists at the public meeting on Nov 23rd 2012 ,decided to walk out to show their protest the Read the report here

There after, there has been many email exchanges which are reproduced below

Clarification by PUCL

Dear friends,
I have been forwarded a news item “Why civil liberties activists walked out from Nandan Nilekani ‘s lecture” in which it is stated that those who walked out included “N.D.Pancholi, President, People’s Union For civil liberties (PUCL) Delhi” amongst others. It is entirely incorrect. I did not walk out in protest from the multipurpose hall where the lecture was being held. I had come out from the hall when I heard some noises outside and had some discussion with the protestors. I am one of the members of the Tarkunde Memorial Foundation. It is also not correct, as stated in the report, that “organisers rushed and tried to take back the papers”. It is also incorrect that the organisers termed the silent and peacerful distribution of the Statement as “trouble”. If some participants in the audience felt disturbed while the said activists were distributing statement, and made some remarks, organisers have nothing to do with it. Please make necessary corrections in your report and publish my clarification..
Thanking you,
N.D.Pancholi

Usha Ramanathan who was at the meeting and walked out responded

It is indeed true that Mr Pancholi did not walk out. He came out with the organisers who also anxiously came out of the hall because of the walk out.

As for the rest, it is indeed true that the orgainsers did take back the papers that had been quietly passed around. May be Mr Pancholi did not see it happening, but others amongst us did, and Mr Riain Karanjawala, who is among the organisers, did not deny it when he was confronted, by Vrinda Grover, with this illiberal act. It is also true that it was a member of the organisers’ team that termed what had happened as `trouble’. This too was hotly contested on the steps of the multipurpose hall where the meeeting was being held. And, as Vrinda pointed out, if what had happened could be termed trouble — viz., handing out papers that would set out the dangers of a project that was being promoted on the platform that had been provided to the one marketing the project; and the walk out that was intended to indicate that this is not a compliant citizenry which has no civil liberties consciousness –the that was what Justice Tarkunde had been doing all his life!

May be Mr Pancholi objects to the young props of the organisers who acted as if we posed a threat to the meeting as being thought of as part of the `organisers’. There is, however, no question that they were acting on behalf of the organisers. There is also no question that Mr Riain Karanjawala came out to take over from his young team. Mr Pancholi was there. Mr Pancholi may also recall that he said to us to give him the papers that we said was being confiscated in the room, and that he would ensure that they were distributed; and Mr Karanjawala silenced him with unwonted vigour. It is also a fact that Mr Karanjawala made disgruntled murmurs that he had never wanted PUCL as part of the Tarkunde lecture but that Justcie Sachar had prevailed on him, and, his tone made unmistakable, he, Mr Karanjawala regretted the error.

Mr Pancholi was part of the meeting that decided to invite Mr Nandan Nilekani. We know that Mr Pancholi is a member of the PUCL, and that he has been opposed to the UID project. However, it seems he may not have been fully cognisant of Mr Nilekani’s connection with the UID project. So, he ended up being a part of the inviting team. That he walked out of the hall of course does not mean that he was part of our walk out. He was walking out to see what was happening; and something certainly was, outside the hall, on the steps. And that included words exchanged about `trouble’, about PUCL, about taking back papers that had been circulated, about free expression, and about Justice Tarkunde not belonging to any particular set of people, not his family, not PUCL, but the wider community of people who have held him in high esteem through these years of his work and beyond.

The again on Dec 3rd 2012, Mr Pancholi responded

This is with reference to the comments made by Usha on my clarification which I sent in reply to a news item “Why civil liberties activists walked out from Nandan Nilekani’s lecture” published on a website ‘Kractivist’.
When I said to Vrinda to hand me over the pamphlets so that I could ensure that the same were properly distributed, she replied that she had no pamphlets as the same were distributed and were in turn snatched away from the participants by some youngmen. I told her that the civil liberties activists should have informed the organisers or me beforehand of their intentions of distributing the pamphlets. Had they disclosed such intention, some way could have been found out without disturbing the lecture. It is her misconception to say that Mr. Karanjwala silenced me.
Earlier Shri Sandeep Singh (of Citizens Forum For Civil Liberties) had come alongwith some activists at the auditorium almost one hour before the start of the lecture and on my enquiry he had assured me that to his knowledge there was no plan of making any protest or disturbing the lecture.
During the midst of the lecture when the audience is attentive to the speaker, if some activists, suddenly and without informing the organizers, start distributing the pamphlets, the same certainly cannot be called peaceful and silent distribution. It disturbs the speaker as well as the listeners. I stick to my statement made in my clarification that organizers of the lecture are not involved as alleged for taking back the said pamphlets or making any remark ‘trouble’ as alleged.
I am doubtful of UID project but I am not averse to listening opposite point of view. Listening other point s of views helps me in making my perceptions clearer, and enables me to correct myself if I am in error.
The moment Tarkunde Memorial Foundation announced the lecture, the demands were being made from a section of the civil liberties activists that lecture should be ‘called off’. This demand was continued to be made even after PUCL declared its non-association with the event. Statements made by Usha and PUCL also emphasized this demand. I am at a loss to understand as to how civil liberties activists can ask any other organization to call off the lecture simply because they do not agree with the views of the speaker! Is there any place in the ‘civil liberties consciousness’ for tolerance and to listen to opposite point of view peacefully?

The finaly reply by Usha Ramanathan and Vrinda Grover, both who were at the meeting, received today is below

There is little point that i can see in going round and round our memories of 23rd November. I think what had to be said has been said.

Except — Mr Pancholi now considers those who had a problem with Mr Nilekani being given a civil liberties platform undemocratic! That seems somewhat naive and ingenuous.

Since November 2009, we have been trying to get Mr Nilekani to answer some basic questions, and we have met with surliness as a response, each time. On 28 September, 2010, a statement issued by 17 eminent citizens raised questions that remain unanswered till today. (I am attaching the statement with this mail; this is the `pamphlet’ to which Mr Pancholi alludes.) Among the signatories are Kannabiran and Kavita and Aruna Roy, all members of PUCL. Kannabiran had also been advocating civil disobedience, if that was the only way to stop this project. The UID project, and its implications for civil liberties, was presented at the PUCL National Convention last year (2011), as was the problem with the sullen silence that had been the consistent response to our questions. Read the Parliamentary Standing Committee report on the Bill that was to give stautory status to the UIDAI, and it is peppered with evidence of recalcitrance on the part of Mr Nilekani and his team to answer questions. There has been overt hostility towards those raising the questions.

Mr Nilekani has had more than his share of talks and lectures where he has marketed the project. He has been heard — many times — and it is a consequence of this that we are now aware that the project projection is full of half-truths and lies.

We have no desire to storm around preventing Mr Nilekani from speaking; in fact, some of us have gone to hear him speak many times, seeking information, and clarity. That we have been disappointed each time is another matter; and that, needless to say, is an extreme understatement.

Our objection was to providing Mr Nilekani a civil liberties platform. After all, when someone is to be invited to speak at the Justice Tarkunde Memorial Lecture, the least we are entitled to expect is that the speaker should not be heading, and marketing, a project that poses a threat to civil liberties! I would have thought that we need to make sure that the platform is not used for promoting anti-civil liberties policies and action! If those inviting him had not studied the project, or had not heard him, or were not aware that he had anything to do with the project, it was, doubtless, irresponsibility on their part to have invited him in ignorance of his policy and his politics.

What made it worse was that this was a `lecture’. If it had been a debate, Mr Nilekani could have been asked to answer all those questions he has been sidestepping and refusing to answer through these three years. Of course, it can safely be hypothesised that Mr Nilekani may then have turned down the invitation, for he has not shown a penchant to being challenged.

This is a project that is not governed by law; and, literally, lawless. It is a project that was marketed as `voluntary’ and has now become mandatory, immediately for the poor to be extended over time to everyone. It is intended to converge data, facilitating tagging, tracking, profiling,and placing people under surveillance. It is a project that demands that that state and corporations be allowed to use biometrics as markers of identity; so, fingerprints and iris scans are to be the norm, and we are to be rendered choiceless in this use of the bosy as a marker. The individual is to be transparent to the state and to the corporation. Biometrics was used in the defence industry, but it was through its expansion into civilian spaces that its profit-through-proliferation is sought to be achieved. The companies involved in the project, including such ones as L1 Identity Solutions and Accenture have relationships with Homeland Security and the CIA. All this, and more, is known. Mr Nilekani’s task is to make this universal and ubiquitous. And he is to be given a civil liberties platform to sell the project, and those who object are undemocratic? These are strange times indeed.

The right to free expression does not require anyone to take permission to exercise the right. Isn’t that the civil liberties perspective? This was a silent and peacable passing around of a statement that would help people understand what the issues are. It is the snatching back of the papers that constitute an act of disruption, surely!!

Thanks for providing the space to have this exchange. With this, i rest my case. It is plain that what time there is needs to be dedicated to spreading understanding about the UID project. Clearly, what has been done has not been quite enough.

The project that proposes to give every resident a `unique identity number’ is a matter of great concern for those working on issues of food security, NREGA, migration, technology, decentralisation, constitutionalism, civil liberties and human rights. The process of setting up the Authority has resulted in very little, if any, discussion about this project and its effects and fallout. The documents on the UIDAI website, and a recent draft law (the National Identification Authority Bill, which is also on the website) do not provide answers to the many questions that are being raised in the public domain. This project is intended to collect demographic data about all residents in the country. It is said that it will impact on the PDS and NREGA programmes, and plug leakages and save the government large sums of money. It would, however, seem that even basic procedures have not been followed before launching on such a massive project.

Before it goes any further, we consider it imperative that the following be done:

Do a feasibility study: There are claims made in relation to the project, about what it can do for PDS and NREGA, for instance, which does not reflect any understanding of the situation of the situation on the ground. The project documents do not say what other effects the project may have, including its potential to be intrusive and violative of privacy, who may handle the data (there will be multiple persons involved in entering, maintaining and using the data), who may be able to have access to the data and similar other questions.

Do a cost-benefit analysis: It is reported that the UIDAI estimates the project will costs Rs 45,000 crores to the exchequer in the next 4 years. This does not seem to include the costs that will be incurred by Registrars, Enrollers, internal systems costs that the PDs system will have to budget if it is to be able to use the UID, the estimated cost to the end user and to the number holder.

In a system such as this, a mere statement that the UIDAI will deal with the security of the data is obviously insufficient. How does the UIDAI propose to deal with data theft? If this security cannot be reasonably guaranteed, the wisdom of holding such data in a central registry may need to be reviewed.

The involvement of firms such as Ernst & Young and Accenture raise further questions about who will have access to the data, and what that means to the people of India.

Constitutionality of this project, including in the matter of privacy, the relationship between the state and the people, security and other fundamental rights.

Questions have been raised which have not been addressed so far, including those about –

Undemocratic process: UIDAI was set-up via a GoI notification as an attached office of the Planning Commission without any discussion or debate in the Parliament or civil society. In the year and a half of its inception, the Authority has signed MoUs with virtually all states and UTs, LIC, Petroleum Ministry and many banks. In July, the Authority circulated the draft NIA Bill (to achieve statutory status); the window for public feedback was two weeks. Despite widespread feedback and calls for making all feedback public, the Authority has not made feedback available. Further in direct contravention to the process of public feedback, the NIA Bill was listed for introduction in the Lok Sabha 2010 monsoon session

Privacy (It is only now that the DoPT is said to be working on a draft of a privacy law, but nothing is out for discussion even yet)

Surveillance: where this technology, and the existence of the UID number, and its working, could result in increasing the potential for surveillance

Profiling

Tracking

Convergence, by which those with access to state power, as well as companies, could collate information about each individual with the help of the UID number.

National IDs have been abandoned in the US, Australia and the newly-elected British government. The reasons have predominantly been: costs and privacy. If it is too expensive for the US with a population of 308 million, and the UK with 61 million people, and Australia with 21 million people, it is being asked why India thinks it can prioritise its spending in this direction. In the UK, the Home Secretary explained that they were abandoning the project because it would otherwise be `intrusive bullying’ by the state, and that the government intended to be the `servant’ of the people, and not their `master’. Is there a lesson in it for us? In the late nineties, the Supreme Court of Philippines struck down the President’s Executive Order A.O 308 which instituted a biometric based national ID system calling it unconstitutional on two grounds – the overreach of the executive over the legislative powers of the congress and invasion of privacy. The same is applicable in India – UIDAI has been constituted on the basis of a GoI notification and there is a fundamental risk to civil liberties with the convergence of UID, NATGRID etc.

The UIDAI is still at the stage of conducting pilot studies. The biometric pilot study has reportedly already thrown up problems especially among the poor whose fingerprints are not stable, and whose iris scans suffer from malnourishment related cataract and among whom the incidence of corneal scars is often found. The project is clearly still in its inception. The project should be halted before it goes any further and the prelude to the project be attended to, the public informed and consulted, and the wisdom of the project determined. The Draft Bill too needs to be publicly debated. This is a project that could change the status of the people in this country, with effects on our security and constitutional rights, and a consideration of all aspects of the project should be undertaken with this in mind.

We, therefore, ask that:

The project be halted

A feasibility study be done covering all aspects of this issue

Experts be tasked with studying its constitutionality

The law on privacy be urgently worked on (this will affect matters way beyond the UID project)

A cost : benefit analysis be done

A public, informed debate be conducted before any such major change be brought in.

This Statement was issued to the Press on 28th September, 2010 in New Delhi

All the Many persons – friends of PUCL, members of PUCL – present and former, and others from the human rights fraternity who contacted the PUCL.

I thank all of you who wrote or spoke to us to express your sense of outrage, anger and opposition to the selection of Mr. Nandan Nilekani, Chairman of UIDAI to deliver the 6th Tarkunde Memorial Lecture with the demand that PUCL disassociate with the event. Many persons also wanted clarification on our stand on the UIDAI. We had issued a statement where we made explicit that our opposition to UDIAI has not changed nor our continuing to oppose the UID project. We had also spoken to and followed by writing to the organisers informing our stand on UIDAI, that selection of a person like Mr. Nilekani is contradictory to the very ideals that Justice Tarkunde’s work and persona reflected, and therefore the demand for calling off the lecture as also that we did not want to be associated with the event. The organisers had also accepted our request and agreed not to associate PUCL with the event .

We share with the human rights community both our statement as also the communication to the organisers of the Lecture.

This entire incident has made us realise the tremendous sense of respect and good will that PUCL has amongst the human rights community in India and the onerous responsibility that it casts on us to continue to contribute and strengthen the human rights movement in India.

I would like through this mail, to extend an invitation to all those who have contacted us as also the many others in the human rights community who shared the sentiments of those who actually wrote or contacted us, to continue to dialogue, interact and involve themselves with the PUCL movement.

I would also like to extend an invitation to all friends from the rights movement to participate in the XI PUCL National Convention that is to take place in Jaipur on 1stand 2nd December, 2012 on the theme, `People’s Insecurity in the name of National Security: Citizens’ Rights, Democracy and State Terrorism’. The invitation and details of the thematic sessions can be found in the PUCL website.

Anant Bhan and Sunita Bandewar have responded to this article questioning some of the claims in the editorial.The resposne hasbeen published in the latest NMJI and is belowThe UIDAI project: why some of the optimism might be nir-aadhar

The article by Nandan Nilekani in the NMJI 2011 May-June issue[1] provides an interesting laundry list of advantages which an Aadhar number could provide to those registered through the Unique Identification Authority of India (UIDAI). Nonetheless, it is surprising to see no equivalent of a limitations section. The article fails to present a holistic and full picture of the landscape- in absence of any reference to expected challenges, the potential for duplication of existing mechanisms; and
threats the Aadhar project poses, particularly to privacy of personal information of individuals, and data security- and mention of any proposed measures the UIDAI is taking to address these. Even a cursory uninformed examination of the claims in the article will lead the reader to believe that while the intention is laudable, the process and means can definitely be causes of concern. As readers, we had several questions related to the approach to, implementation of as well as legislative
adequacy of the UIDAI initiative and their implications for its success. .

Why two sets of identification data?

It is unclear as to why two sets of identification data – demographic and bio-informatics – are required for securing an Aadhar number. Also, the operational aspects and possible misuse could be causes of concern. Currently individuals face many problems in fulfilling the expectations of producing proof of residence, birth date etc. for securing other key government identification documents (such as voting card, passport and ration card) and it is unspecified how similar tribulations would be minimized for those seeking an Aadhar number?

Would securing an Aadhar number truly remain voluntary?

While some benefits of having an Aadhar number are pointed out like immunization tracking for children, the system also worrying suggests a clear link between basic health provisioning (such as immunization) and the need for official proof of being an Indian resident (to be certified through the possession of an Aadhar number). If this is indeed the case, it would mean that providers especially in the public healthcare system might not be able to provide any kind of health services to vulnerable populations like ‘illegal’ immigrants in the country. It should not be the duty or responsibility of a healthcare provider to sit in judgment on a patient’s legal status of entitlement of health services. A patient presenting at a healthcare facility without an Aadhar number might be suspected of being a non-citizen- and stigmatized- and not provided any health services, or even worse, pursued by the state machinery. Linking Aadhar to essential public health services like immunization could mean that undocumented immigrants, among other vulnerable groups, would shun health programs and hence put themselves and others in the community at risk of vaccine-preventable and other communicable conditions.

Although, it is currently voluntary to opt to secure an Aadhar number, the emphasis on its use in health care context in the way Nilekani advocates in the article might run the risk of Aadhar number becoming almost inevitable and “mandatory” for better, swifter and smoother access to health care in due course of time. Aadhar has already become compulsory for LPG provision by government oil companies as part of a pilot project in Mysore[2]. Similar concerns have been expressed by others, too[3].

Wouldn’t the proposal of use of Aadhar for immunization tracking be duplication of efforts?

The government has already launched a separate system for maternal and child health tracking,including immunization[4] through the National Rural Health Mission Health Management Information System (http://nrhm-mis.nic.in/mchtracking.htm http://nrhm-mcts.nic.in/) and it’s not clear why UIDAI should aim to replicate the same through Aadhar. We believe there might be other instances where such replication of efforts might be probable- this is both a waste of resources and increases the chances of threats to data security.

Is the health system sufficiently equipped to use Aadhar number?

Assuming the Aadhar number could finally be used in the health care context as Nilekani delineates, is our health system equipped with the required e-platform across the nation; and are there adequately trained human resources to run such a sophisticated system available, or being recruited, at every level within the health system? It appears that the use of the Aadhar number as envisioned would warrant inter-ministerial and inter-sectoral coordination and resource investment for its meaningful realization. It is not clear as to how this is being planned and executed.

Would the system to protect privacy and data protection be truly foolproof?

The issue of privacy of personal information (especially health) and associated challenges are not mentioned in the article. It is also not clear as how data safety will be ensured. In response to one of the questions in the parliament regarding mechanisms to protect data from unauthorised use in UIDAI, it was said that the data would be encrypted at source along with measures such as limiting physical use, and putting standard security infrastructure[5].

We wonder if that would be sufficient given the current trends of data theft from the supposedly safe and well protected sectors, such as banking and information technology which use similar mechanisms. As instances of theft and misuse of information becomes commonplace, as evidenced by increasing credit card fraud and frequent hacking of government websites[6],any framework for information collection which does not have robust safeguards should be grounds for concern. As well, India does not have any coherent policy or law governing data encryption [7],[8], [9].

In the contemporary context of globalised terrorism, it would also be challenging for the UIDAI to comply with the promise of confidentiality towards data collected if faced with mounting pressures from investigation and intelligence agencies, whether domestic or foreign, to share bioinformatics information of individuals suspected to be associated with terrorism and violence. Although a
somewhat different context, the recent episode of a vaccination campaign launched by the US intelligence agency CIA aimed specifically at collecting DNA samples from the Osama Bin Laden household in Abbottabad in Pakistan[10] is representative of reasons for our concerns on this front of the potential of misuse of a public health program collecting identifiable data.

The initial Aadhar registration system being implemented also provides reason for worry. As the enrolment process has been sub-contracted via tenders to private firms, there is seemingly no guarantee of how information and data security will be maintained. Moreover, ensuring data protection from interested parties such as insurance companies who could choose to deny health insurance coverage to individuals based on their health profiles is paramount. Unless stringent safeguards are built in, the Aadhar number could be a serious and risky intrusion into our privacy.

Furthermore, it is ambiguous as to how harmonization and reconciliation across various legal apparatuses, such as, the National Identification Authority of India Bill and the proposed Right to Privacy Bill[11] would be achieved with regards to protecting personal information gathered under the Aadhar project.

Against this backdrop,we believe the editorial by Nilekani raises more questions than provides answers, and hence it is apt to question the claims of the article.

Finally, we also find it disconcerting that though the author declares his affiliation with the UIDAI, there is no conflict of interest statement in the article. Nilekani as head of the initiative is expected to have a positive bias towards the program. We believe it would have been good practice for a conflict of interest statement to have been appended with the article.

The Nandan Nilekani led- Unique ID project has enrolled more than 100 million Indians. They say this will give them not just an identity, but take India closer to a social revolution. And for a while, largely because of immense goodwill that Nandan Nilekani enjoyed, people ignored the voices of civil society groups that say UID violates privacy, or that it’s going to replace subsidies with cash. But now, those voices have grown louder. More worryingly for Nilekani, the home ministry says the UID data is flawed. And a standing committee of Parliament says it’s a project without direction. This week, on Truth vs Hype, an on the ground investigation: is Aadhaar a nuisance or an opportunity? And more to the point – does it have a future?

The government is likely to sort out differences between the home ministry and Planning Commission over data collection for UID cards this week.

The Nandan Nilekani-led UID project has been touted as the world’s largest, most advanced, biometric database of personal identities. And many believe, according to reports, that the UID is meant to be more secure than the US’ Social Security Number (SSN).

In the absence of a coherent privacy law, Indian CISOs aren’t buying that. “Even SSNs have been misused by criminals for years. The flaw of any personal identification project is that when you input data into a database, there must be an assured mechanism in place. Fingerprints have inherent inaccuracies as a proof of identification and retina scans make data storage requirements much higher,” says security and privacy expert Deepak Rout. “If you don’t provide enough security, then chaos is inevitable.”

Though reports suggest that Nilekani has said that use of UID cards will be voluntary, it becoming mandatory cannot be ruled out. When all transactions will get linked to a single number, the same may be used by various state agencies to monitor citizens’ activities. This may interfere with an individual’s right to privacy. “Even if owning an Aadhaar card is made compulsory, I’ll stay out of it as long as I can,” says Rout.

Pawan Kumar Singh, CISO at Tulip Telecom agrees. “I am still insecure with the idea of entrusting my data to the government. Would I go for a UID card? No, thanks. The government may lay down stringent rules but where is the enforcement mechanism? UIDAI’s security policy will remain like our constitution–on paper–if citizen awareness is not brought up.” Singh believes that India isn’t ready to consolidate its entire citizens’ personal data on a single card.

Both Singh and Rout have reason to worry. In October last year, the UID project saw its first victim of privacy breach. A citizen from Maharashtra lodged a complaint stating that his address proof was compromised. The incident raised concerns on the vulnerability of personal data being collected by UIDAI. And that’s just one of the many instances of security breaches.

Even those close to the UID project are raising questions on the loopholes that may exist in the project. Sanjay Deshpande, CEO and CIO at Uniken Technologies–a security firm that was involved in initial talks with the UID project team–says that UID could be vulnerable to insider attacks. “How are they (the government) going to ensure that the systems aren’t vulnerable to insider threat? How trustworthy are the people handling a citizen’s personal identity? Also, are the biometric devices used by the government foolproof? You might have heard of losing your e-mail ids and passwords at an Internet café owing to malicious software in public computers. How is the government ensuring that the data capture device by itself is not malicious?” asks Deshpande.

Application level security is another major concern. “My problem as an Indian citizen–once the UID project starts collecting biometric data everywhere—is how would we prove our disassociation with a wrong UID and a crime we have not committed?” asks Deshpande.

While the cabinet decides the fate of the government’s ambitious UID project, it seems like Indian CISOs have already written its destiny. The question now remains – Do you trust the government with your data?

For any queries, you can contact the author at: shweta_rao@idgindia.com